Security Incidents mailing list archives
Re: SYN/ACK to port 53
From: Daniel Martin <dtmartin24 () home com>
Date: 24 May 2001 17:44:04 -0400
"DeCamp, Paul" <PDeCamp () MedManageSystems com> writes:
> Any assistance would be appreciated, and better yet, any advice as to where on the Internet is a good location for looking up such obviously abnormal activity and what possible explanations may be. Thanks.
Could this be backscatter from someone else's SYN floods? That is, could these be packets being sent by a target machine in response to packets with a spoofed source address of your machine? The recent paper on using backscatter measurements for some statistical analysis of DOS attacks on the internet as a whole may be useful: http://www.caida.org/outreach/papers/backscatter/
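One way to test the backscatter hypothesis raised in the reply above, as an added example that is not part of the original thread: pair each inbound SYN/ACK or RST/ACK with an outbound SYN from the local host, and count the replies that have no such match. The record layout, the addresses (documentation ranges) and the `find_backscatter` name are assumptions, and the sample packets are constructed.

```python
# Constructed sample records: (time, direction, src, sport, dst, dport, tcp_flags)
# 192.0.2.10 stands in for the local host that is receiving the odd traffic.
PACKETS = [
    (1.00, "out", "192.0.2.10", 40001, "198.51.100.7", 80, "S"),
    (1.05, "in", "198.51.100.7", 80, "192.0.2.10", 40001, "SA"),  # answers our SYN
    (2.00, "in", "203.0.113.5", 6667, "192.0.2.10", 53, "SA"),    # we sent no SYN
    (2.01, "in", "203.0.113.5", 6667, "192.0.2.10", 53, "SA"),
    (2.40, "in", "203.0.113.5", 6667, "192.0.2.10", 1024, "SA"),
    (3.00, "in", "203.0.113.9", 80, "192.0.2.10", 53, "RA"),      # RST/ACK, no SYN
    (4.00, "in", "198.51.100.7", 80, "192.0.2.10", 40002, "S"),   # inbound SYN, not a reply
]

# Replies a host sends in answer to a SYN: SYN/ACK (port open) or RST/ACK (closed).
REPLY_FLAGS = {"SA", "RA"}


def find_backscatter(packets, window=30.0):
    """Count inbound SYN replies that match no outbound SYN seen within `window` seconds.

    Returns {(remote_ip, remote_port): count}. A remote endpoint with many
    unmatched replies is a candidate flood target whose attacker spoofed our
    address as the source.
    """
    pending = {}   # (local_ip, local_port, remote_ip, remote_port) -> time of our SYN
    suspects = {}
    for ts, direction, src, sport, dst, dport, flags in sorted(packets, key=lambda p: p[0]):
        if direction == "out" and flags == "S":
            pending[(src, sport, dst, dport)] = ts
        elif direction == "in" and flags in REPLY_FLAGS:
            sent = pending.get((dst, dport, src, sport))
            # Unmatched, or far too late to be the answer to our own SYN.
            if sent is None or ts - sent > window:
                suspects[(src, sport)] = suspects.get((src, sport), 0) + 1
    return suspects


if __name__ == "__main__":
    for (ip, port), count in sorted(find_backscatter(PACKETS).items()):
        print(f"{ip}:{port} sent {count} unsolicited SYN replies")
```

Unmatched replies that cluster on one remote address and service port, while landing on varied local ports, fit the backscatter pattern; the capture must include outbound traffic for the matching to be meaningful.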